Questions tagged [jwt]

JSON Web Token (JWT, pronounced "jot") is a type of token-based authentication used in space-constrained environments such as HTTP Authorization headers. Use this tag for questions relating to the configuration, generation and usage of JWTs in your code.

JSON Web Token (JWT, pronounced "jot") is a token format for use in space-constrained environments such as HTTP authorization headers. It is defined in RFC 7519.

JWTs encode security "claims" as JSON objects, and the token can be signed and/or encrypted. JWT is used by the OpenID Connect authentication standard.

More information about JWT and libraries for different languages can be found on the official JWT site.

17340 questions
5 votes, 0 answers

Asp.net core caching jwk during jwt validation

I'm relatively new to .NET. I am using ASP.NET Core 2.1. I am handling authentication using JWTs. As part of the jwt validation I call out to the issuer and get their public key to check my token's integrity. So I…
TheMethod
5 votes, 2 answers

X.509 extensions for verifying JWT

I'd like to create an X.509 public key certificate to verify signatures, esp. JWT Tokens. I'd like to know which properties and extensions properties to set to which values on the certificate to restrict it for JWT verification. Unfortunately, the…
Waog
5 votes, 1 answer

How to save an Offer to Google Wallet using JWT?

Actually I want to save an offer to 'Google Wallet'. As I haven't worked on it before I did some RND and came across this documentation. In this documentation they are creating Offer class object at Android side but, in my case the Offer class…
Dnyanesh M
5 votes, 1 answer

Handling id_token in ASP.NET Core API

I'm implementing Auth0 with my ASP.NET Core 2.1 app with React front end. After the user authenticates, I do get both an access_token and an id_token. I'm clear that I send the access_token in the header to gain access to my API methods but I'm not…
Sam
5 votes, 2 answers

How can I change the JWT expire time in FeathersJS?

I was looking at this question on how to set the sub claim of a JWT in FeathersJS, but when I print hook.params, there is no jwt in there. Only authenticated, query, route, provider, headers, user and payload. So I remain with the question: how can…
Sven Deckers
5 votes, 2 answers

Spring security with JWT always returns 401 unauthorized

@Configuration @EnableWebSecurity @EnableGlobalMethodSecurity(prePostEnabled = true) public class WebSecurityConfig extends WebSecurityConfigurerAdapter { @Resource(name = "userService") private UserDetailsService…
Kyoko
5 votes, 1 answer

Why does UserManager.GetUserAsync return null when using JWT?

I have some issues with my .NET CORE 2.1 web api. I'm using Identity framework and JWT-tokens for authentication, but whenever I try to get the current user in a controller I get a null reference error. All settings look fine from what I can see, and…
user5283666
5 votes, 1 answer

Why the authentication should be implemented in a filter and not in a controller?

Following a good tutorial about how to implement JWT authentication in a Spring Boot application (https://auth0.com/blog/implementing-jwt-authentication-on-spring-boot/), I have seen that the /login is handled by a filter and not by a controller.…
eprats
5 votes, 2 answers

Angular: Only load lazy-loaded module from server if authorized (using JWT)

I'm using lazy-loaded modules in my angular application and until now everything works fine. Now I have a specific question about securing and I did not find an answer yet. You have the opportunity to "secure" lazy loaded modules with an Angular…
Sazeidya
5 votes, 1 answer

How to get the JWT (using OpenIdConnect) from HttpContext, and pass to Azure AD Graph API

Background: We developed an application in 2016 that authenticated using WS-Federation, to grab claims from the on-premises AD. The direction of the IT strategy has changed, and is moving toward Azure AD (currently hosting a hybrid environment).…
5 votes, 3 answers

Django API works locally but not when deployed on Elastic Beanstalk

I'm working with Django Rest Framework and Django Rest Framework JWT, but I'm running into an issue in regards to local behavior vs external behavior. When I make a POST request to get a JWT token, everything works as desired both locally and on my…
5 votes, 2 answers

Where to get Public key for validating a JWT Token in Java or Kotlin

I am using Kotlin with Vertx at the Backend and the frontend forwards me a JWT token after getting authenticated from One Login. Now, I want to make sure that the Token is valid, not fake (made up). If I follow the following link, it says that I need a…
Adnan Raza
5 votes, 1 answer

How to safely store JSON Web Token in Chrome Extension for further API use?

I've looked all over and cannot find a definitive way to safely store a JWT for an API inside a Chrome Extension. My app allows users to log into their 3rd party account over an HTTPS connection, which then returns a token to use for further API…
5 votes, 1 answer

How to extract public and private key from RSA JWK?

I'm trying to sign some data with a JWK I've been provided with. So far I've tried to do this with jwt.io, the header is { "alg" : "RS256", "typ" : "JWT" } and the payload is { "iss" : "4@john" } Now to sign this I need a public and a private key.…
Red-ER
5 votes, 3 answers

Tymon\JWTAuth::toUser error: A token is required

I have a Laravel API that uses Tymon\JWTAuth to authenticate the user. It is working fine. For some reasons I have also a non-guarded route in web.php: Route::get('myroute', 'MyController@mymethod'); The code of MyController@mymethod is the…
Fabry